Enterprise Single Sign On with SAML
Mojo Helpdesk supports Security Assertion Markup Language (SAML), a mechanism that allows single sign-on (SSO) using identity providers such as Active Directory, LDAP, Google, Office 365, etc. SAML eliminates the need to maintain separate credentials for each application and reduces identity theft.
When Enterprise Single Sign On with SAML is set up, users will be able to log in to the help desk through the configured Identity Provider. Once SAML is configured, this will be the only method available for users to log in.
How SAML for Mojo works
When a user visits your Mojo Helpdesk and clicks on the login link, he or she will be redirected to the Identity Provider's login system which will authenticate the user and notify Mojo with the user's details, at which point the user will be logged into Mojo.
Configuring SAML
SAML needs to be configured both on your Mojo Helpdesk and on the Identity Provider.
On Mojo Helpdesk's side you have to specify two fields:
- Remote Login URL - this is the URL to which the user will be redirected when trying to log in to Mojo Helpdesk. This URL should be the SAML entry point of your Identity Provider.
- Certificate fingerprint - SHA1 fingerprint of the SAML certificate from your SAML server. Read this article if you need help finding the SHA1 fingerprint: https://help.mojohelpdesk.com/help/article/300372
These settings can be edited in the admin portal under Account → Security.
On the Identity Provider side you have to specify the following fields:
- Assertion Consumer Service (ACS) URL (Reply URL) - https://your-helpdesk-domain/saml/consume
- Entity ID - your-helpdesk-domain (without the 'https')
- Name ID* (if applicable) - should be set to the user's email address.
User Attributes recognized by Mojo Helpdesk:
- first_name
- last_name